Vulnerability details: VCID-xeb2-8f8f-aaaq
Vulnerability ID VCID-xeb2-8f8f-aaaq
Aliases CVE-2008-5036
Summary Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
System Score Found at
epss 0.69531 https://api.first.org/data/v1/epss?cve=CVE-2008-5036
epss 0.77732 https://api.first.org/data/v1/epss?cve=CVE-2008-5036
epss 0.96700 https://api.first.org/data/v1/epss?cve=CVE-2008-5036
epss 0.96788 https://api.first.org/data/v1/epss?cve=CVE-2008-5036
epss 0.96946 https://api.first.org/data/v1/epss?cve=CVE-2008-5036
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2008-5036
Reference id Reference type URL
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447
https://api.first.org/data/v1/epss?cve=CVE-2008-5036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036
http://secunia.com/advisories/32569
http://secunia.com/advisories/33315
http://security.gentoo.org/glsa/glsa-200812-24.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/46376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329
https://www.exploit-db.com/exploits/7051
http://www.openwall.com/lists/oss-security/2008/11/05/4
http://www.openwall.com/lists/oss-security/2008/11/05/5
http://www.openwall.com/lists/oss-security/2008/11/10/13
http://www.securityfocus.com/archive/1/498111/100/0/threaded
http://www.securityfocus.com/bid/32125
http://www.videolan.org/security/sa0810.html
cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
CVE-2008-5036 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/7051.pl
CVE-2008-5036 https://nvd.nist.gov/vuln/detail/CVE-2008-5036
CVE-2008-5036;OSVDB-49809 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/18548.rb
CVE-2008-5036;OSVDB-49809 Exploit http://www.trapkit.de/advisories/TKADV2008-011.txt
GLSA-200812-24 https://security.gentoo.org/glsa/200812-24
Data source Exploit-DB
Date added Nov. 6, 2008
Description VideoLAN VLC Media Player < 0.9.6 - '.rt' Local Stack Buffer Overflow
Ransomware campaign use Known
Source publication date Nov. 7, 2008
Exploit type local
Platform windows
Data source Metasploit
Description This module exploits a stack buffer overflow vulnerability in VideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.
Ransomware campaign use Unknown
Source publication date Nov. 5, 2008
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/fileformat/vlc_realtext.rb
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-5036
Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): complete; Integrity Impact (I): complete; Availability Impact (A): complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.98541
EPSS Score 0.69531
Published At May 21, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.